Firefox Popup Blocker has security hole (v1.5.0.9.) - TechAmok
[security] 06:36 AM EST - Feb,07 2007

There is an interesting vulnerability in the default behavior of Firefox's
built-in popup blocker. This vulnerability, coupled with an additional trick,
allows the attacker to read arbitrary user-accessible files on the system, and
thus steal some fairly sensitive information. The problem seems to affect
Firefox version 1.5.0.9.

For security reasons, Firefox does not allow Internet-originating websites to
access the file:// namespace. However, when the user chooses to manually allow a
blocked popup, normal URL permission checks are bypassed. The attacker may fool
the browser into parsing a chosen HTML document stored on the local filesystem,
and because the Firefox security manager treats all file:/// URLs as having
"same origin", such a document could read other local files at its discretion
with the use of XMLHttpRequest, and relay that information to a remote server.

Now, to make the attack effective, the attacker would need to plant a
predictably named file with exploit code on the target system. This sounds hard,
but isn't: Firefox sometimes creates outright deterministic temporary filenames
in the system-wide temporary directory when opening files with external
applications; even if we ignore this possibility (since it requires the user to
take an additional step that may be difficult to justify), "random" temporary
files are created using a flawed algorithm in
nsExternalAppHandler::SetUpTempFile and other locations.

The problem here is that the stdlib linear congruential PRNG (srand/rand) is
seeded immediately prior to file creation with the current time in seconds
(actually, microseconds, but divided by 1e6); rand() is then used in direct
succession to produce an "unpredictable" file name. Normally, were the PRNG
seeded once on program start and then subsequently invoked, results would be
deterministic, but difficult to blindly predict in the real world; but here, the
job is much easier: we know when the download starts, we know what the seed
would be, and how many subsequent calls to it are made - we know the output.
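
The seeding flaw described above, as an added illustration (not Firefox's code and not part of the original article): the character table, name length and /tmp path are assumptions. It shows that a name drawn right after reseeding with the current second is a pure function of that second, next to mkstemp(), which creates the file exclusively so a pre-planted file of the same name is never opened.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#define NAME_LEN 8

/* Weak pattern (illustrative, not Firefox's code): reseed with the current
 * second, then draw the name. The result is a pure function of `now`. */
static void weak_temp_name(time_t now, char out[NAME_LEN + 1]) {
    static const char table[] = "abcdefghijklmnopqrstuvwxyz0123456789";
    srand((unsigned)now);
    for (int i = 0; i < NAME_LEN; i++)
        out[i] = table[rand() % (int)(sizeof table - 1)];
    out[NAME_LEN] = '\0';
}

/* Returns 1 when two creations in the same second yield the same name. */
static int same_second_same_name(time_t now) {
    char a[NAME_LEN + 1], b[NAME_LEN + 1];
    weak_temp_name(now, a);
    weak_temp_name(now, b);
    return strcmp(a, b) == 0;
}

/* Hardened pattern: mkstemp() picks the name and creates the file with
 * O_EXCL and mode 0600; it fails rather than reuse an existing file.
 * The /tmp location is an assumption for this example. */
static int safe_temp_file(char path[32]) {
    strcpy(path, "/tmp/dl-XXXXXX");
    return mkstemp(path);
}

/* Returns 1 when two files created back to back get distinct names. */
static int safe_names_differ(void) {
    char p1[32], p2[32];
    int f1 = safe_temp_file(p1), f2 = safe_temp_file(p2);
    int ok = f1 >= 0 && f2 >= 0 && strcmp(p1, p2) != 0;
    if (f1 >= 0) { close(f1); unlink(p1); }
    if (f2 >= 0) { close(f2); unlink(p2); }
    return ok;
}

int main(void) {
    time_t now = time(NULL);
    printf("time-seeded name repeats: %d\n", same_second_same_name(now));
    printf("mkstemp names differ:     %d\n", safe_names_differ());
    return 0;
}
```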